Regular rotation of passwords, keys and privileged credentials is a critical best practice that greatly reduces an organization’s risk of falling victim to cyberattacks. By limiting the lifespan of a password, organizations can reduce the amount of time during which a compromised password may be valid.
Password, key and credential rotation – a feature of Privileged Access Management (PAM) – enables organizations to reset privileged credentials on an automated schedule. However, traditional PAM tools are complex, expensive, difficult to deploy and difficult to use – and do not monitor and protect every user on every device from every location.
Keeper’s new password rotation feature enables organizations to easily update users’ privileged credentials on an automated schedule through an easy-to-use centralized PAM platform.
Keeper Security and TrendCandy Research surveyed 400+ IT and security professionals to determine the common challenges companies face with their current Privileged Access Management (PAM) tools. Not only are significant components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for. Key findings:
87% of respondents said they would prefer a simplified version of PAM that is easy to deploy and easy to use.
68% of respondents said their current PAM solution has several features they don’t need.
84% said they want to streamline their PAM solution in 2023.
KeeperPAM is Revolutionizing Privileged Access Management (PAM)
No need to open any external ports, the solution uses SSL to communicate with Keeper
No command line tools or scripting needed
On-demand and automated rotation with a flexible schedule
Rotate on-premises and cloud credentials/records
Flexible post-rotation actions
Keeper Security’s next-gen Privileged Access Management (PAM) platform – KeeperPAM – delivers enterprise-grade password, secrets and connection management in one unified solution. With Keeper’s password rotation feature, KeeperPAM enables organizations to automate the changing/resetting of system credentials like Active Directory (AD) user accounts, SSH keys, database passwords, AWS IAM accounts, Azure IAM accounts, Windows/Mac/Linux user accounts and more.
Credential-based attacks represent 82% of all data breaches (according to the 2022 Verizon Data Breach Investigations Report). By limiting the lifespan of a password, organizations can reduce the time that a compromised password may be valid.
Unlike traditional PAM solutions, the password rotation configuration in KeeperPAM is managed through the vault and admin console with a lightweight component on-premises to perform the rotation. KeeperPAM supports Keeper’s zero-knowledge, zero-trust architecture, which always encrypts and decrypts data at the local device level. Keeper never has access to the data in a user’s vault.
Password rotation through KeeperPAM is available on the Keeper Desktop App and Web Vault.
Password Rotation Features
Automatically rotate credentials for machines, service accounts and user accounts across your infrastructure
Schedule rotations to occur at any time or on demand
Perform post-rotation actions such as restarting services, or running other applications as needed
Create compliance reporting on shared privileged accounts
How KeeperPAM Password Rotation Works
Establish a Gateway
Keeper password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. The gateway creates an outbound connection to Keeper’s cloud security vault, establishing a secure tunnel for retrieving rotation requests.
The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets for performing rotation and communicating with the target devices. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.
Rotation is configured and managed entirely through the Keeper Web Vault or Desktop Application. Secrets, rotation schedules and network settings are all stored as encrypted records in Keeper’s cloud vault.
Rotation is easy to deploy and manage within a team. You can easily share access to records and manage which secrets are visible to the gateway using Keeper’s Shared Folders.
Craig Lurey is the CTO and Co-Founder of Keeper Security. Craig leads Keeper’s software development and technology infrastructure team. Craig and Darren have been active business partners in a series of successful ventures for over 20 years. Prior to building Keeper, Craig served at Motorola as a software engineer creating firmware for cellular base station infrastructure and founded Apollo Solutions, an online software platform for the computer reseller industry which was acquired by CNET Networks. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University.
Get the latest cybersecurity news and updates sent straight to your inbox
Share this blog
You May Also Like
Introducing 24-Word Recovery Phrases – The Most Secure Recovery Method
Keeper Security continually invests in new, more robust technologies to counter emerging threats. That’s why Keeper is upgrading our account recovery process via a new and more secure 24-word "recovery phrase" feature, replacing the current user-customizable...